EU DMA Probes AWS and Azure Cloud to Curb Gatekeeper Power

The European Commission’s decision to open three separate market investigations into Amazon Web Services (AWS) and Microsoft Azure under the Digital Markets Act (DMA) marks a decisive escalation in Brussels’ effort to bring the cloud infrastructure layer within the EU’s toughest ex‑ante digital rules and poses immediate, far‑reaching questions for cloud customers, competitors, and the global tech industry. The Commission has opened two focused inquiries — one into AWS and one into Azure — plus a third, horizontal probe to determine whether the DMA’s current toolbox can be sensibly adapted to cloud markets; the Commission aims to complete these inquiries within roughly 12 months.

Background​

Cloud computing is no longer a back‑office convenience: it is the foundation for government services, banking, critical communications, and the compute fabric that powers modern AI. For regulators, that makes concentration in the cloud market a systemic concern — and a natural target for a law designed to curb gatekeeper power in digital markets. The DMA establishes a legal regime of gatekeeper obligations — non‑discrimination, interoperability mandates, data‑portability, and bans on self‑preferencing — backed by heavy fines for non‑compliance. The Commission’s probes will test whether hyperscale cloud platforms should be treated as gatekeepers or whether the DMA requires adaptation to fit an infrastructure market with distinct technical, contractual, and procurement realities.

What Brussels has opened​

• Two market investigations, one each for AWS and Microsoft Azure, to assess whether those cloud services meet the DMA’s gatekeeper tests and functional criteria.
• A third, cross‑cutting inquiry to evaluate whether the DMA’s rules — written around consumer‑facing and marketplace platforms — are appropriate for enterprise cloud infrastructure or require sector‑targeted adjustments.

The Commission’s public timetable is brisk: investigators expect to conclude the probes in approximately 12 months, a timeline that signals urgency but also leaves room for a detailed, technical fact‑finding process.

---

Why the EU moved now​

Several converging dynamics prompted Brussels to act: concentrated market shares among a handful of hyperscalers, repeated high‑impact outages that exposed operational fragility, and the hypergrowth of AI workloads that deepen vendor lock‑in through proprietary stacks and specialized accelerators. Regulators also face political pressure to shore up “digital sovereignty” — ensuring the EU’s public services and critical infrastructure can run on trusted, contestable platforms. The UK’s Competition and Markets Authority (CMA) and industry monitoring groups have previously flagged switching costs, egress fees, and licensing practices as structural barriers that reduce competition, creating a precedent that influenced the Commission’s calculus.
Key practical drivers motivating the probes:

• Market concentration: Independent analyses and national findings show AWS, Azure and Google Cloud dominate a large share of public cloud spending. That concentration is central to the gatekeeper hypothesis.
• Switching friction and vendor lock‑in: Egress charges, proprietary APIs, bundled managed services and licensing differentials create real economic and technical costs to migration.
• AI and specialised compute: The rise of managed AI stacks and unique hardware accelerators increases the value of integrated ecosystems and raises the strategic cost of lock‑in.
• Operational risk: Large outages at hyperscalers have shown how single‑provider faults can cascade across the economy, elevating the public‑policy imperative to ensure resilience.

---

What the investigations will examine​

The Commission’s lines of inquiry are practical and technical. Expect teams to probe both market structure and specific conduct.

Core areas of focus​

• Gatekeeper designation criteria: Do the quantitative and qualitative tests in the DMA apply to cloud infrastructure services and, if so, do AWS or Azure meet them for their cloud offerings?
• Data portability and egress: Are exit costs and technical barriers inflated by design, and do contractual egress terms materially hinder customer mobility?
• Self‑preferencing and bundling: Do hyperscalers give preferential treatment to first‑party managed services, marketplaces, or integration advantages that disadvantage independent ISVs and competing infrastructure providers?
• Interoperability and control‑plane access: Are APIs and control‑plane primitives proprietary in ways that prevent practical multi‑cloud operations or fast failover?
• Pricing and licensing structures: Does licensing (for example, Windows Server, SQL Server, or productivity suites) embed terms that make non‑native deployments economically unattractive?

The DMA fitness question​

A unique and high‑stakes part of the Commission’s work is methodological: the DMA was conceived around consumer‑facing core platform services measured by user metrics and advertising/revenue dynamics. Cloud markets use different metrics — contract values, capacity quotas, and enterprise procurement processes — and rely on deeply technical interfaces that don’t map neatly to the DMA’s existing language. The Commission’s third probe will assess whether DMA obligations can be adapted to cloud without producing unintended technical or legal consequences.

---

Possible outcomes and remedies​

The Commission’s findings could lead to a range of outcomes, each carrying distinct consequences for markets and customers.

• Designate AWS and/or Azure as gatekeepers for cloud services, triggering the DMA’s full palette of obligations — interoperability mandates, bans on self‑preferencing, and transparency/audit obligations.
• Recommend targeted, market‑specific remedies without full DMA designation — for example, caps or standards for egress fees, enforceable migration guarantees, or non‑discrimination commitments.
• Conclude the DMA is not the right tool for cloud and instead propose a hybrid approach combining competition law, sectoral regulation, or new legislation tailored to cloud and AI.

If formal gatekeeper designations are applied, non‑compliance with DMA obligations can trigger fines of up to 10% of global annual turnover for first breaches and up to 20% for repeat infringements — a punitive backdrop likely to shape provider behaviour.

---

Immediate implications for enterprise IT and procurement​

The regulatory inquiry is not just an academic exercise. For IT leaders responsible for cloud architecture, security, and procurement, the Commission’s probes create an urgent planning horizon.
Practical steps organizations should treat as high priority:

• Map dependencies and escape routes. Catalogue which workloads, managed services, and data flows are tied to single‑vendor features and quantify the technical and financial cost of migration.
• Strengthen contractual exit terms. Negotiate clear egress clauses, performance guarantees for migration tooling, and rights to customer‑managed encryption keys stored in the EU.
• Insist on auditability and proof. Demand third‑party audit reports and the contractual right to inspect telemetry, data residency controls, and encryption key handling.
• Architect for portability. When possible, design workloads using open standards, containerization, or abstraction layers to reduce switching costs. Consider hybrid and sovereign cloud options for sensitive workloads.
• Test failover and incident readiness. Validate multi‑region and multi‑provider disaster recovery plans through drills that simulate provider‑level outages.

These steps protect organizations in the short term and prepare them for a future in which vendor obligations, technical standards, or pricing rules may change materially.

---

Strengths of the EU’s approach​

Bringing cloud under the DMA’s scope — or at least testing that possibility — has meaningful benefits:

• Proactive, ex‑ante action. The DMA’s preventive focus can limit harmful entrenchment before it becomes irreversible, unlike ex‑post antitrust cases that typically come after harms are entrenched.
• A clearer playing field for competitors. Interoperability and non‑discrimination obligations would lower barriers for independent cloud providers and ISVs, potentially re‑energising competition.
• Stronger protections for public interest services. Enforceable portability and transparency would help public administrations and critical sectors maintain resilience and sovereignty.

The Commission’s explicit consideration of DMA fit for cloud demonstrates an awareness that one‑size‑fits‑all regulation can produce technical mismatches — a pragmatic posture that reduces the risk of blunt, unimplementable mandates.

---

Risks, downsides, and practical challenges​

Regulating cloud through the DMA is technically and legally complex, and missteps could produce negative side effects.

• Technical infeasibility or fragmentation. Mandating deep control‑plane interoperability risks exposing complex internal primitives that are not standardized, potentially creating brittle cross‑provider dependencies or reducing innovation in low‑level platform design.
• Innovation chill and investment impacts. Hyperscalers argue that heavy ex‑ante burdens could disincentivize the massive capital investments required for data centres, specialised accelerators and R&D, which could slow the rollout of next‑generation infrastructure in Europe. Regulators must weigh contestability against investment incentives.
• Enforcement complexity. Translating gatekeeper obligations — designed around consumer algorithms and marketplaces — into enforceable cloud metrics (e.g., capacity allocation, routing priorities, resource throttling) will require sophisticated technical standards and ongoing auditing capability.
• Geopolitical friction. Any move that materially constrains U.S. hyperscalers risks diplomatic pushback and possible retaliatory measures; regulators will need to manage transatlantic relations while pursuing competition and sovereignty objectives.

Because many assertions about the Commission’s internal deliberations have been reported through anonymous briefings, the public record is still evolving; early press accounts should be treated with caution until formal Commission notices and decision documents are published.

---

Likely industry responses​

• Amazon and Microsoft have signaled intentions to cooperate with regulators while defending their positions. Microsoft has publicly indicated cooperation with the inquiry; AWS has warned that gatekeeper labeling for cloud could hamper innovation and raise costs for European businesses. Expect vigorous legal and technical engagement from the companies.
• European hosters and CISPE will press for robust remedies that preserve competition and procurement options, while also seeking clarity on technical standards to enable fair participation. Previous industry arrangements and monitoring mechanisms — such as memoranda of understanding and industry observatories — will play a part in shaping outcomes and compliance roadmaps.
• Customers will demand contractual and architectural safeguards and may accelerate multi‑cloud strategies or sovereign cloud pilots to reduce political and operational exposure.

---

How this could reshape the cloud market​

If the Commission applies DMA obligations to the cloud or secures binding remedies, the technical and commercial contours of cloud adoption in Europe could change substantially:

• Portability improves through standard APIs and certified migration tooling, reducing long‑term vendor lock‑in.
• Market entry becomes more viable for European and regional cloud providers that can compete on compliance, sovereignty and cost‑effective managed services.
• Cloud procurement changes: public buyers could write portability and auditability requirements into tenders; private enterprises may demand stronger exit rights and proof‑point guarantees.

At the same time, partial or poorly specified obligations could prompt a splintered regulatory landscape across jurisdictions — increasing integration costs and reducing the global scale benefits that cloud providers currently deliver. The Commission’s third probe — assessing whether the DMA is a good fit for cloud — reflects that practical concern.

---

What to watch over the next 12 months​

• Formal Commission notices and case openings. These will define the factual and legal scope of each market investigation and are the authoritative documents to follow.
• Technical evidence submissions. Expect extensive filings from hyperscalers, ISVs, industry associations, national regulators (e.g., CMA) and public‑sector customers that will shape remedy options.
• Interim policy signals. The Commission may announce immediate, targeted remedies or guidance on egress pricing or portability while studying broader DMA fit.
• Transatlantic and multilateral responses. Watch for diplomatic engagement and potential industry lobbying that could influence the political feasibility of any gatekeeper designations.

---

Final assessment and recommendations for IT leaders​

The EU’s DMA probes into AWS and Azure are a watershed moment: regulators are finally testing whether the legal architecture that tamed consumer platforms can be stretched to the strategic layer of cloud infrastructure. The probes have real potential to reduce lock‑in and enhance contestability, but they also confront formidable technical, legal and geopolitical obstacles.
For IT leaders and procurement teams, the responsible course combines immediate defensive measures with strategic posture shifts:

• Treat portability and exit planning as operational priorities now, not afterthoughts.
• Strengthen contractual safeguards: explicit egress terms, customer‑managed key controls, audit rights and migration SLAs.
• Build for multi‑cloud resilience where it materially reduces business risk and aligns with cost and security needs. Document trade‑offs rigorously.
• Monitor the Commission’s formal filings and technical consultations closely; participate in industry consultations to shape workable, technical standards.

This is a live, technical, and politically charged process. The next 12 months will determine whether the DMA becomes a decisive tool for cloud governance or whether the EU opts for a hybrid, sector‑specific path that balances contestability with technical feasibility. Either way, organizations that proactively adapt contracts, architecture and procurement strategies will be best positioned to capture value and avoid disruption as regulatory winds change.

---

The landscape of cloud governance is shifting from a market dominated by scale to one increasingly shaped by regulatory design; the European Commission’s probes put a premium on portability, transparency, and resilience — and they will force customers, providers, and policymakers to reconcile the technical realities of cloud with the strategic imperative of competitive digital markets.

---

Source: Latest news from Azerbaijan EU launches probes into Amazon and Microsoft cloud services under Big Tech crackdown | News.az